Bluedragon07

Posts posted by Bluedragon07

  1. Results of screen317's Security Check version 0.99.57

    Windows 7 Service Pack 1 x86 (UAC is enabled)

    Internet Explorer 9

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Enabled!

    WMI entry may not exist for antivirus; attempting automatic update.

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.70.0.1100

    Java 6 Update 32

    Java version out of Date!

    Adobe Flash Player 11.5.502.146

    Adobe Reader 10.1.5 Adobe Reader out of Date!

    Mozilla Firefox (18.0.1)

    ````````Process Check: objlist.exe by Laurent````````

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbamgui.exe

    Malwarebytes' Anti-Malware mbamscheduler.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 0%

    ````````````````````End of Log``````````````````````

  2. ESETSmartInstaller@High as downloader log:

    all ok

    # version=8

    # OnlineScannerApp.exe=1.0.0.1

    # OnlineScanner.ocx=1.0.0.6889

    # api_version=3.0.2

    # EOSSerial=f71a2caff8df5948acbb5461ded5a418

    # end=finished

    # remove_checked=false

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2013-01-22 07:21:14

    # local_time=2013-01-21 11:21:14 (-0800, Pacific Standard Time)

    # country="United States"

    # lang=1033

    # osver=6.1.7601 NT Service Pack 1

    # compatibility_mode=5893 16776574 66 85 67617745 110384065 0 0

    # scanned=91028

    # found=1

    # cleaned=0

    # scan_time=3508

    C:\Users\Allan\Downloads\WinZip170.exe a variant of Win32/OpenInstall application 36326217E447F16600CF77DEBDDA0145E431543C I

  3. # AdwCleaner v2.106 - Logfile created 01/17/2013 at 23:34:57

    # Updated 17/01/2013 by Xplode

    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)

    # User : Allan - VINCENTPRICE

    # Boot Mode : Normal

    # Running from : C:\Users\Allan\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\kgvuflc5.default\prefs.js

    C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\kgvuflc5.default\user.js ... Deleted !

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1095 octets] - [17/01/2013 16:05:57]

    AdwCleaner[S1].txt - [1131 octets] - [17/01/2013 23:34:57]

    ########## EOF - C:\AdwCleaner[S1].txt - [1191 octets] ##########

  4. ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_32

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 1.662000 GHz

    Memory total: 1062584320, free: 362827776

    ------------ Kernel report ------------

    01/17/2013 15:46:46

    ------------ Loaded modules -----------


    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xffffffff853d2610

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000007b\

    Lower Device Object: 0xffffffff85387418

    Lower Device Driver Name: \Driver\RSUSBSTOR\

    Driver name found: RSUSBSTOR

    Load Function returned 0xc0000001

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xffffffff845507c8

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

    Lower Device Object: 0xffffffff84437908

    Lower Device Driver Name: \Driver\atapi\

    Driver name found: atapi

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

    Load Function returned 0x0

    Downloaded database version: v2013.01.17.09

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 1

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xffffffff845507c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff84550400, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xffffffff845507c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff84456c10, DeviceName: Unknown, DriverName: \Driver\ACPI\

    DevicePointer: 0xffffffff84437908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

    ------------ End ----------

    Upper DeviceData: 0xffffffffb1210ca8, 0xffffffff845507c8, 0xffffffff839005f8

    Lower DeviceData: 0xffffffffb1678008, 0xffffffff84437908, 0xffffffff8575d900

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: E57A60C3

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 283904000

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 283906048 Numsec = 28672000

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 160041885696 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-312561808-312581808)...

    Physical Sector Size: 512

    Drive: 1, DevicePointer: 0xffffffff853d2610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xffffffff85387aa8, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xffffffff853d2610, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xffffffff85387418, DeviceName: \Device\0000007b\, DriverName: \Driver\RSUSBSTOR\

    ------------ End ----------

    Upper DeviceData: 0x0, 0x0, 0x0

    Lower DeviceData: 0x0, 0x0, 0x0

    Drive 1

    Scanning MBR on drive 1...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 0

    Partition information:

    Partition 0 type is Other (0x6)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 137 Numsec = 3841911

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1967128576 bytes

    Sector size: 512 bytes

    Done!

    Performing system, memory and registry scan...

    Done!

    Scan finished

    =======================================

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    www.malwarebytes.org

    Database version: v2013.01.17.09

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Allan :: VINCENTPRICE [administrator]

    1/17/2013 4:03:12 PM

    mbar-log-2013-01-17 (16-03-12).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled:

    Objects scanned: 28336

    Time elapsed: 15 minute(s), 46 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    # AdwCleaner v2.106 - Logfile created 01/17/2013 at 16:05:57

    # Updated 17/01/2013 by Xplode

    # Operating system : Windows 7 Starter Service Pack 1 (32 bits)

    # User : Allan - VINCENTPRICE

    # Boot Mode : Normal

    # Running from : C:\Users\Allan\Downloads\adwcleaner.exe

    # Option [search]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Found : HKLM\Software\Conduit

    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\kgvuflc5.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [967 octets] - [17/01/2013 16:05:57]

    ########## EOF - C:\AdwCleaner[R1].txt - [1026 octets] ##########

    I haven't noticed anything recently, computer seems to be okay.

  5. Malwarebytes Anti-Malware (Trial) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.07.03

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Allan :: VINCENTPRICE [administrator]

    Protection: Enabled

    1/13/2013 1:10:33 AM

    mbam-log-2013-01-13 (01-10-33).txt

    Scan type: Full scan (C:\|D:\|Q:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 311893

    Time elapsed: 57 minute(s), 57 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    ComboFix 13-01-13.01 - Allan 01/13/2013 2:19.1.2 - x86

    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.323 [GMT -8:00]

    Running from: c:\users\Allan\Desktop\ComboFix.exe

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Allan\AppData\Local\Microsoft\Windows\Temporary Internet Files\hgstarterjp_verinfo.dat

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-10 11:34 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys

    2013-01-10 11:34 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll

    2013-01-10 11:33 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll

    2013-01-10 11:31 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

    2013-01-09 11:00 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll

    2013-01-09 11:00 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe

    2013-01-09 10:27 . 2013-01-09 10:27 -------- d-----w- C:\FRST

    2013-01-02 09:17 . 2013-01-02 09:17 -------- d-----w- c:\users\Allan\AppData\Roaming\Malwarebytes

    2013-01-02 09:17 . 2013-01-02 09:17 -------- d-----w- c:\programdata\Malwarebytes

    2013-01-02 09:17 . 2012-12-15 00:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-02 09:17 . 2013-01-02 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-01-02 09:17 . 2013-01-02 09:17 -------- d-----w- c:\users\Allan\AppData\Local\Programs

    2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-11 09:28 . 2012-04-09 07:18 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-01-11 09:28 . 2011-12-24 10:28 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-09 04:42 . 2012-12-13 01:15 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-11-07 09:32 . 2012-11-07 09:32 53248 ----a-r- c:\users\Allan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2012-11-07 09:32 . 2012-11-07 09:32 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2012-11-02 05:11 . 2012-12-13 01:16 376832 ----a-w- c:\windows\system32\dpnet.dll

    2012-10-18 22:06 . 2012-10-18 22:06 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

    2012-10-16 07:39 . 2012-11-29 01:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-12-07 02:15 . 2012-10-17 19:02 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]

    "Steam"="c:\program files\Steam\Steam.exe" [2012-12-04 1354736]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 7866912]

    "BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]

    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

    "Desktop Disc Tool"="c:\program files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

    "WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "DLCJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2006-10-20 73728]

    "dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2007-01-12 439792]

    "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2006-12-11 304008]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]

    .

    c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

    2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]

    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 09:28]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = www.dell.com

    TCP: DhcpNameServer = 192.168.1.1

    DPF: {1DC420F0-D89A-40D0-B5CC-92B9AD19A1AC} - hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP28.cab

    FF - ProfilePath - c:\users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\kgvuflc5.default\

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\WLANExt.exe

    c:\windows\system32\conhost.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\windows\system32\dlcjcoms.exe

    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\windows\System32\WUDFHost.exe

    c:\windows\System32\rundll32.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\Synaptics\SynTP\SynTPHelper.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

    c:\windows\system32\sppsvc.exe

    .

    **************************************************************************

    .

    Completion time: 2013-01-13 02:40:56 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-01-13 10:40

    .

    Pre-Run: 121,298,931,712 bytes free

    Post-Run: 121,624,911,872 bytes free

    .

    - - End Of File - - F0E7B01F1F90510373694BC31D9E82BB

    It seems okay, maybe a little slow here and there.

  6. Sorry about the wait, here you go!

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-01-2013

    Ran by SYSTEM at 2013-01-11 01:51:51 Run:1

    Running from E:\

    ==============================================

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).

    C:\$Recycle.Bin\S-1-5-21-1474778107-3533465811-3742675228-1002\$b27192da75a7840537918232e90cd930 moved successfully.

    C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930 moved successfully.

    ==== End of Fixlog ====

  7. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013

    Ran by SYSTEM at 09-01-2013 02:28:11

    Running from E:\

    Windows 7 Starter (X86) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1692968 2010-02-05] (Synaptics Incorporated)

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7866912 2009-11-17] (Realtek Semiconductor)

    HKLM\...\Run: [bTMeter] C:\Program Files\Battery Meter\BTMeter.exe [623984 2009-07-22] (Dell)

    HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)

    HKLM\...\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)

    HKLM\...\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)

    HKLM\...\Run: [] [x]

    HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)

    HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()

    HKLM\...\Run: [WSED] C:\Program Files\WSED\WSED.exe [247080 2009-05-27] (Dell)

    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

    HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

    HKLM\...\Run: [DLCJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16 [73728 2006-10-20] ()

    HKLM\...\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [439792 2007-01-12] (Dell)

    HKLM\...\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [304008 2006-12-11] ()

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1851192 2012-11-04] (Logitech, Inc.)

    HKU\Allan\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)

    HKU\Allan\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [1354736 2012-12-04] (Valve Corporation)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]

    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Startup: C:\Users\Allan\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

    ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

    ==================== Services (Whitelisted) ===================

    2 dlcj_device; C:\Windows\system32\dlcjcoms.exe -service [537480 2006-12-11] ( )

    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

    3 RoxMediaDB12OEM; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)

    2 RoxWatch12; "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)

    ==================== Drivers (Whitelisted) ====================

    0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [13680 2009-06-26] (Windows ® Win 7 DDK provider)

    3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [43704 2012-09-18] (Logitech, Inc.)

    3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [12216 2012-09-18] (Logitech, Inc.)

    3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [39608 2012-09-18] (Logitech, Inc.)

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-01-09 02:27 - 2013-01-09 02:27 - 00000000 ____D C:\FRST

    2013-01-09 02:18 - 2013-01-09 02:18 - 00909506 ____A (Farbar) C:\Users\Allan\Downloads\FRST.exe

    2013-01-07 22:47 - 2013-01-07 22:48 - 00013425 ____A C:\Users\Allan\Desktop\dds.txt

    2013-01-07 22:47 - 2013-01-07 22:48 - 00006229 ____A C:\Users\Allan\Desktop\attach.txt

    2013-01-07 22:44 - 2013-01-07 22:44 - 00688992 ____R (Swearware) C:\Users\Allan\Downloads\dds.com

    2013-01-02 01:17 - 2013-01-02 01:17 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Malwarebytes

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2013-01-02 01:17 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2013-01-02 01:16 - 2013-01-02 01:16 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Allan\Downloads\mbam-setup-1.70.0.1100.exe

    2012-12-28 16:03 - 2012-12-28 16:03 - 00000052 ____A C:\Users\Allan\Desktop\Interview.txt

    2012-12-21 03:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

    2012-12-21 03:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

    2012-12-14 19:44 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-12-14 19:44 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-12-14 19:44 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-12-14 19:44 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-12-14 19:44 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-12-14 19:44 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-12-14 19:44 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-12-14 19:44 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-12-14 19:44 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-12-14 19:44 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-12-14 19:44 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

    2012-12-14 19:44 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2012-12-14 19:44 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-12-14 19:44 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-12-14 19:44 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-12-14 19:44 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-12-12 17:19 - 2012-11-21 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-12-12 17:19 - 2012-10-04 08:47 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

    2012-12-12 17:19 - 2012-10-04 08:43 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

    2012-12-12 17:19 - 2012-10-04 08:43 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 06:57 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

    2012-12-12 17:19 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

    2012-12-12 17:19 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

    2012-12-12 17:16 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll

    2012-12-12 17:15 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

    ==================== One Month Modified Files and Folders ========

    2013-01-09 02:27 - 2013-01-09 02:27 - 00000000 ____D C:\FRST

    2013-01-09 02:21 - 2011-11-23 14:43 - 01761495 ____A C:\Windows\WindowsUpdate.log

    2013-01-09 02:21 - 2009-07-13 20:34 - 00016928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2013-01-09 02:21 - 2009-07-13 20:34 - 00016928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2013-01-09 02:18 - 2013-01-09 02:18 - 00909506 ____A (Farbar) C:\Users\Allan\Downloads\FRST.exe

    2013-01-09 02:18 - 2010-11-20 13:01 - 00779700 ____A C:\Windows\System32\PerfStringBackup.INI

    2013-01-09 01:58 - 2012-04-08 23:18 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2013-01-07 22:54 - 2012-04-08 23:18 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

    2013-01-07 22:54 - 2011-12-24 02:28 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

    2013-01-07 22:48 - 2013-01-07 22:47 - 00013425 ____A C:\Users\Allan\Desktop\dds.txt

    2013-01-07 22:48 - 2013-01-07 22:47 - 00006229 ____A C:\Users\Allan\Desktop\attach.txt

    2013-01-07 22:44 - 2013-01-07 22:44 - 00688992 ____R (Swearware) C:\Users\Allan\Downloads\dds.com

    2013-01-04 03:27 - 2011-12-23 20:45 - 00000000 ____D C:\Users\Allan\AppData\Local\VirtualStore

    2013-01-03 18:58 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\restore

    2013-01-02 17:59 - 2012-06-01 17:07 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Applian FLV and Media Player

    2013-01-02 16:50 - 2012-06-26 03:55 - 00000000 ____D C:\Program Files\Steam

    2013-01-02 10:42 - 2010-11-20 13:48 - 00082404 ____A C:\Windows\PFRO.log

    2013-01-02 10:42 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2013-01-02 10:42 - 2009-07-13 20:39 - 00050576 ____A C:\Windows\setupact.log

    2013-01-02 03:13 - 2012-06-26 03:55 - 00000000 ____D C:\Program Files\Common Files\Steam

    2013-01-02 03:12 - 2011-11-23 14:00 - 00000000 ____D C:\Users\All Users\McAfee

    2013-01-02 02:04 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore

    2013-01-02 02:02 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public

    2013-01-02 01:17 - 2013-01-02 01:17 - 00001077 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Malwarebytes

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2013-01-02 01:17 - 2013-01-02 01:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

    2013-01-02 01:16 - 2013-01-02 01:16 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Allan\Downloads\mbam-setup-1.70.0.1100.exe

    2012-12-28 16:03 - 2012-12-28 16:03 - 00000052 ____A C:\Users\Allan\Desktop\Interview.txt

    2012-12-23 01:39 - 2009-07-13 20:33 - 00312472 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-12-18 18:56 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache

    2012-12-16 06:13 - 2012-12-21 03:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

    2012-12-16 06:13 - 2012-12-21 03:00 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll

    2012-12-15 11:47 - 2012-09-10 12:57 - 00000000 ____D C:\Program Files\Dl_cats

    2012-12-15 11:45 - 2012-05-07 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    2012-12-15 11:43 - 2012-01-11 20:27 - 00000000 ____D C:\Users\Allan\AppData\Roaming\SoftGrid Client

    2012-12-14 19:36 - 2012-11-29 04:30 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-12-14 16:49 - 2013-01-02 01:17 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    ZeroAccess:

    C:\$Recycle.Bin\S-1-5-21-1474778107-3533465811-3742675228-1002\$b27192da75a7840537918232e90cd930

    ZeroAccess:

    C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-01-03 18:59:03

    ==================== Memory info ===========================

    Percentage of memory in use: 49%

    Total physical RAM: 1013.36 MB

    Available physical RAM: 510.13 MB

    Total Pagefile: 1013.36 MB

    Available Pagefile: 505.74 MB

    Total Virtual: 2047.88 MB

    Available Virtual: 1960.7 MB

    ==================== Partitions =============================

    1 Drive c: (OSDisk) (Fixed) (Total:135.38 GB) (Free:114.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    2 Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:8.28 GB) NTFS

    3 Drive e: () (Removable) (Total:1.83 GB) (Free:0.17 GB) FAT

    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ###  Status         Size     Free     Dyn  Gpt

    --------  -------------  -------  -------  ---  ---

    Disk 0    Online          149 GB      0 B

    Disk 1    Online         1876 MB      0 B

    Partitions of Disk 0:

    ===============

    Partition ###  Type              Size     Offset

    -------------  ----------------  -------  -------

    Partition 1    Primary            135 GB  1024 KB

    Partition 2    Primary             13 GB   135 GB

    =========================================================

    Disk: 0

    Partition 1

    Type : 07

    Hidden: No

    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

    ----------  ---  -----------  -----  ----------  -------  ---------  --------

    * Volume 0   C   OSDisk       NTFS   Partition    135 GB  Healthy

    =========================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

    ----------  ---  -----------  -----  ----------  -------  ---------  --------

    * Volume 1   D   Recovery     NTFS   Partition     13 GB  Healthy

    =========================================================

    Partitions of Disk 1:

    ===============

    Partition ###  Type              Size     Offset

    -------------  ----------------  -------  -------

    Partition 1    Primary           1875 MB    68 KB

    =========================================================

    Disk: 1

    Partition 1

    Type : 06

    Hidden: No

    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

    ----------  ---  -----------  -----  ----------  -------  ---------  --------

    * Volume 2   E                FAT    Removable   1875 MB  Healthy

    =========================================================

    Last Boot: 2013-01-06 16:44

    ==================== End Of Log ============================
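    The FRST scan above shows the two indicators that identify this ZeroAccess variant: the InprocServer32 default of a WMI CLSID (tail D6A79037F57F, expected fastprox.dll) has been overwritten so the COM class loads the rootkit instead, and the payload sits in a hidden "$" + 32-hex-character folder under C:\$Recycle.Bin for both the SYSTEM SID (S-1-5-18) and the user's SID. The fixlog in the earlier post restores that CLSID default and moves both folders. The Python below is an added example, not code from the poster, Farbar (FRST) or Malwarebytes: it pulls exactly those indicators out of FRST-style log lines and out of the MBAM "Registry Data Items" line format used elsewhere in this thread. The CLSID-to-DLL table is taken from the MBAM "Good:" values on this page, the sample lines are copied from the logs in this thread (constructed sample, offline), and the Indicator record and kind names are assumptions of the example.

```python
"""Pick ZeroAccess COM-hijack indicators out of FRST / MBAM log lines.

Added example; not FRST's, Malwarebytes' or the poster's code. It handles the
three line shapes seen in the logs on this page:
  * FRST registry line:  HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
  * FRST file line:      C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930
  * MBAM data item:      HKCR\CLSID\{...}\InProcServer32| (Trojan.0Access) -> Bad: (...) Good: (...) -> ...
"""
import re
from dataclasses import dataclass

# CLSIDs whose InprocServer32 default this variant overwrote, and the DLL that
# belongs there. Values come from the MBAM log's "Good:" fields on this page.
EXPECTED_INPROC = {
    "{5839FCA9-774D-42A1-ACDA-D6A79037F57F}": "fastprox.dll",  # WMI COM server
    "{FBEB8A05-BEEE-4442-804E-409D6C4515E9}": "shell32.dll",
}

# Payload folder: "$" + 32 hex characters under $Recycle.Bin, keyed by the
# SYSTEM SID (S-1-5-18) or an account SID (S-1-5-21-a-b-c-rid).
RECYCLE_DROP = re.compile(
    r"\$Recycle\.Bin\\S-1-5-(?:18|21(?:-\d+){4})\\\$[0-9a-f]{32}", re.I)

# MBAM "Registry Data Items Detected" line: CLSID, bad value, repair value.
MBAM_LINE = re.compile(
    r"HKCR\\CLSID\\(\{[0-9A-F-]{36}\})\\InProcServer32\|.*?"
    r"Bad: \((.*?)\) Good: \((.*?)\)", re.I)

# FRST registry line that it already annotated with "ATTENTION! ====> <family>".
FRST_REG = re.compile(
    r"\\\.\.\.([0-9A-F]+)\\InprocServer32: \[Default-[^\]]*\] (\S+) "
    r"ATTENTION! ====> (\w+)", re.I)


@dataclass(frozen=True)
class Indicator:          # record shape is this example's own choice
    kind: str             # "com_hijack", "frst_flag" or "drop_folder"
    subject: str          # CLSID (or its tail as FRST prints it) or the path
    detail: str           # why it was reported


def find_indicators(lines):
    """Scan log lines in order; return one Indicator per suspicious line."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MBAM_LINE.search(line)
        if m:
            clsid, bad, good = m.group(1).upper(), m.group(2), m.group(3)
            reasons = ["scanner reported InProcServer32 default overwritten"]
            if RECYCLE_DROP.search(bad):
                reasons.append("bad value lives in a $Recycle.Bin drop folder")
            expected = EXPECTED_INPROC.get(clsid)
            if expected and good.lower() != expected:
                # The scanner's repair value disagrees with what we expect for
                # this CLSID: worth a manual look before trusting the repair.
                reasons.append(f"repair value {good} differs from expected {expected}")
            hits.append(Indicator("com_hijack", clsid, "; ".join(reasons)))
            continue
        m = FRST_REG.search(line)
        if m:
            hits.append(Indicator("frst_flag", m.group(1).upper(),
                                  f"FRST flagged as {m.group(3)}; "
                                  f"default should be {m.group(2)}"))
            continue
        m = RECYCLE_DROP.search(line)
        if m:
            hits.append(Indicator("drop_folder", m.group(0),
                                  "ZeroAccess-style $Recycle.Bin payload folder"))
    return hits


# Constructed sample: lines copied from the FRST scan and MBAM log in this thread,
# plus two benign lines to show they are ignored.
SAMPLE_LOG = r"""
HKLM\...\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent [1354736 2012-12-04] (Valve Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1474778107-3533465811-3742675228-1002\$b27192da75a7840537918232e90cd930
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1474778107-3533465811-3742675228-1002\$b27192da75a7840537918232e90cd930\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.
""".splitlines()

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE_LOG):
        print(f"{hit.kind:12} {hit.subject}\n             {hit.detail}")
```

    Run it as-is to see the five hits from the sample; feed it a whole FRST.txt or mbam-log file with `find_indicators(open(path, encoding="utf-8", errors="replace"))` to triage a different log. Note that the drop-folder regex keys on the SID and the 32-hex name, not on the string "ZeroAccess", so it also catches the payload folder on a log where the scanner did not label it.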

  8. Here's the MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.07.03

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Allan :: VINCENTPRICE [administrator]

    Protection: Enabled

    1/7/2013 10:28:19 PM

    mbam-log-2013-01-07 (22-28-19).txt

    Scan type: Full scan (C:\|D:\|Q:\|)

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 306779

    Time elapsed: 43 minute(s), 27 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 2

    HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$b27192da75a7840537918232e90cd930\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully.

    HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-1474778107-3533465811-3742675228-1002\$b27192da75a7840537918232e90cd930\n.) Good: (shell32.dll) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Here's the DDS Log:

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_32

    Run by Allan at 22:45:41 on 2013-01-07

    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.228 [GMT -8:00]

    .

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\system32\dlcjcoms.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Battery Meter\BTMeter.exe

    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

    C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files\WSED\WSED.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe

    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\BYOND\bin\byond.exe

    C:\Users\Allan\AppData\Local\Temp\2jfuweif.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Windows\system32\consent.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = www.dell.com

    uDefault_Page_URL = www.dell.com

    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

    uRun: [steam] "c:\program files\steam\Steam.exe" -silent

    mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

    mRun: [bTMeter] c:\program files\battery meter\BTMeter.exe

    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2

    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"

    mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"

    mRun: [WSED] c:\program files\wsed\WSED.exe

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16

    mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"

    mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"

    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

    StartupFolder: c:\users\allan\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    LSP: mswsock.dll

    DPF: {1DC420F0-D89A-40D0-B5CC-92B9AD19A1AC} - hxxp://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP28.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79}\14625462C472370205562737F6E616C6027594D26494 : DHCPNameServer = 10.0.1.1

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79}\2375942554832353 : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79}\55C4834553 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79}\74F6C666023456E6472716C6 : DHCPNameServer = 71.9.127.107 68.190.192.35 24.205.224.36

    TCP: Interfaces\{4B27CF3C-D7AD-4AC6-B536-D87E594C0A79}\D616279656 : DHCPNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

    Notify: igfxcui - igfxdev.dll

    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\allan\appdata\roaming\mozilla\firefox\profiles\kgvuflc5.default\

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll

    FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll

    FF - plugin: c:\program files\byond\bin\npbyond.dll

    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - plugin: c:\users\allan\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

    FF - plugin: c:\windows\system32\npdeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

    ============= SERVICES / DRIVERS ===============

    .

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 13680]

    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-2 398184]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-2 682344]

    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-11-23 143968]

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2012-9-18 43704]

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2012-9-18 12216]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-2 21104]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatch12OEM.exe [2010-11-25 219632]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2011-11-23 134144]

    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-11-23 174592]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    .

    =============== Created Last 30 ================

    .

    2013-01-02 09:17:58 -------- d-----w- c:\users\allan\appdata\roaming\Malwarebytes

    2013-01-02 09:17:30 -------- d-----w- c:\programdata\Malwarebytes

    2013-01-02 09:17:27 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-02 09:17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-01-02 09:17:09 -------- d-----w- c:\users\allan\appdata\local\Programs

    2012-12-21 11:00:20 295424 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 11:00:19 34304 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-13 01:19:53 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-12-13 01:16:28 376832 ----a-w- c:\windows\system32\dpnet.dll

    2012-12-13 01:15:11 2048 ----a-w- c:\windows\system32\tzres.dll

    .

    ==================== Find3M ====================

    .

    2013-01-02 09:01:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-01-02 09:01:01 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-11-07 09:32:08 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    .

    ============= FINISH: 22:47:05.21 ===============

    I also have the attach log if you need it.

  9. Hey, a couple of days ago McAfee went crazy finding a ton of malicious files. After reading around and finding that my security was garbage, I installed the free version of your product and it removed several files. It popped up again a few days later, and after about a week, today, it popped up again with a huge amount of files quarantined. I appreciate any help with this, thanks.
